connection_exit_begin_conn: flags are checked even on onion service connections.
In connection_exit_begin_conn
, we reject any BEGIN message that has BEGIN_FLAG_IPV4_NOT_OK
if we do not have Ipv6Exit
set in our options. That is okay for exit streams, but for onion service streams, we should be ignoring these flags.
I'm not going to call this a security vulnerability, since we strongly recommend not running onion services on relays, let alone on exit relays.